Security risk with '_kerberos.FQDN'? (Was: One DNS domain - three realms ?)

Turbo Fredriksson turbo at bayour.com
Tue Jun 7 06:01:39 EDT 2005


Quoting Ken Raeburn <raeburn at mit.edu>:

> There is also an option "dns_lookup_realm" in the "libdefaults"
> section of the config file which, if turned on, will cause a DNS TXT
> record _kerberos.<FQDN> to be checked and, if it's found, the result
> used as the realm name for the host <FQDN>.  However, this option is
> turned off by default as it introduces a security risk.

Could you please elaborate or point me to a page that explains this?
I've never heard of it before (I haven't been paying attention to
this list for the last couple of months :).
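
An added example, not part of the original post or of MIT Kerberos: a small Python audit that reads a krb5.conf, reports whether the `dns_lookup_realm` option described in the quoted text is turned on in `[libdefaults]`, and lists the hosts that have no static `[domain_realm]` mapping, so their realm would come from DNS. The sample config, realm names and host names are constructed, and the parser and function names are simplified assumptions made for this example.

```python
import re

TRUE_WORDS = {"y", "yes", "true", "t", "1", "on"}  # boolean-true spellings in krb5.conf

# Constructed sample: one DNS domain whose hosts belong to different realms.
SAMPLE_CONF = """
[libdefaults]
    default_realm = REALM-A.EXAMPLE
    dns_lookup_realm = true
[domain_realm]
    www.example.com = REALM-B.EXAMPLE
    .lab.example.com = REALM-C.EXAMPLE
"""

def audit_krb5_conf(text):
    """Return (dns_lookup_realm enabled?, {host or .domain: realm})."""
    section, depth, enabled, mappings = None, 0, False, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header and depth == 0:
            section = header.group(1)
            continue
        if line.startswith("}"):                 # end of a { ... } subsection
            depth = max(depth - 1, 0)
            continue
        key, sep, value = (p.strip() for p in line.partition("="))
        if not sep:
            continue
        if value.startswith("{"):                # start of a subsection
            depth += 1
        elif depth == 0 and section == "libdefaults" and key == "dns_lookup_realm":
            enabled = value.lower() in TRUE_WORDS  # stays off if never set
        elif depth == 0 and section == "domain_realm":
            mappings[key.lower()] = value
    return enabled, mappings

def static_realm_for(host, mappings):
    """Exact host entry first, then parent domains written with a leading dot."""
    labels = host.lower().rstrip(".").split(".")
    candidates = [".".join(labels)] + ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    return next((mappings[c] for c in candidates if c in mappings), None)

def hosts_depending_on_dns(conf_text, hosts):
    """Hosts whose realm would be taken from the _kerberos.<FQDN> TXT record."""
    enabled, mappings = audit_krb5_conf(conf_text)
    return [h for h in hosts if static_realm_for(h, mappings) is None] if enabled else []
```

Hosts this reports are the ones to give explicit `[domain_realm]` entries if the option has to stay on.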


